<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
   <meta name="Author" content="Iczelion">
   <meta name="GENERATOR" content="Mozilla/4.7 [en] (Win98; I) [Netscape]">
   <title>Client Register Structure</title>
</head>
<body text="#FFFFFF" bgcolor="#000080" link="#FFFF00" vlink="#8080FF" alink="#FF00FF">

<center>
<h1>
<font face="Tahoma"><font color="#FFFF99">Client Register Structure</font></font></h1></center>
<font face="Tahoma"><font size=-1>We will examine another important structure 
in this tutorial, namely the client register structure. <a href="files/vxdbeep.zip">Download 
the example</a>.</font></font> 
<h3>
<font face="Tahoma"><font color="#FF99FF">Some theory</font></font></h3>
<font face="Tahoma"><font size=-1>VxDs are very different from normal win32/win16/DOS
applications. Most of the time, VxDs lie dormant while normal apps
go about their business. They act like supervisors that watch over ring-3
apps and correct them when they do something wrong. The typical situation
is as follows:</font></font>
<ol>
<li>
<font face="Tahoma"><font size=-1>An interrupt occurs</font></font></li>

<li>
<font face="Tahoma"><font size=-1>The VMM gains control</font></font></li>

<li>
<font face="Tahoma"><font size=-1>The VMM saves the values of the registers</font></font></li>

<li>
<font face="Tahoma"><font size=-1>The VMM services the interrupt or calls
other VxDs to do the job</font></font></li>

<li>
<font face="Tahoma"><font size=-1>The VMM returns control to the interrupted
program.</font></font></li>
</ol>
<font face="Tahoma"><font size=-1>The interesting thing about the above
process is that the only way the VMM can affect the interrupted app is by
modifying the saved register image. For example, if the VMM deems the interrupted
program should resume at a different address, it can alter the value of
CS:IP in the saved register image, and when the program is redispatched,
it will resume execution at the new CS:IP.</font></font>
<br><font face="Tahoma"><font size=-1>The VMM saves the values of the registers
at the interrupted point in the <b><font color="#FFFF99">client register
structure</font></b>.</font></font>
<blockquote><b><tt>Client_Reg_Struc STRUC</tt></b>
<blockquote><b><tt>Client_EDI DD ?</tt></b>
<br><b><tt>Client_ESI DD ?</tt></b>
<br><b><tt>Client_EBP DD ?</tt></b>
<br><b><tt>Client_res0 DD ?</tt></b>
<br><b><tt>Client_EBX DD ?</tt></b>
<br><b><tt>Client_EDX DD ?</tt></b>
<br><b><tt>Client_ECX DD ?</tt></b>
<br><b><tt>Client_EAX DD ?</tt></b>
<br><b><tt>Client_Error DD ?</tt></b>
<br><b><tt>Client_EIP DD ?</tt></b>
<br><b><tt>Client_CS DW ?</tt></b>
<br><b><tt>Client_res1 DW ?</tt></b>
<br><b><tt>Client_EFlags DD ?</tt></b>
<br><b><tt>Client_ESP DD ?</tt></b>
<br><b><tt>Client_SS DW ?</tt></b>
<br><b><tt>Client_res2 DW ?</tt></b>
<br><b><tt>Client_ES DW ?</tt></b>
<br><b><tt>Client_res3 DW ?</tt></b>
<br><b><tt>Client_DS DW ?</tt></b>
<br><b><tt>Client_res4 DW ?</tt></b>
<br><b><tt>Client_FS DW ?</tt></b>
<br><b><tt>Client_res5 DW ?</tt></b>
<br><b><tt>Client_GS DW ?</tt></b>
<br><b><tt>Client_res6 DW ?</tt></b>
<br><b><tt>Client_Alt_EIP DD ?</tt></b>
<br><b><tt>Client_Alt_CS DW ?</tt></b>
<br><b><tt>Client_res7 DW ?</tt></b>
<br><b><tt>Client_Alt_EFlags DD ?</tt></b>
<br><b><tt>Client_Alt_ESP DD ?</tt></b>
<br><b><tt>Client_Alt_SS DW ?</tt></b>
<br><b><tt>Client_res8 DW ?</tt></b>
<br><b><tt>Client_Alt_ES DW ?</tt></b>
<br><b><tt>Client_res9 DW ?</tt></b>
<br><b><tt>Client_Alt_DS DW ?</tt></b>
<br><b><tt>Client_res10 DW ?</tt></b>
<br><b><tt>Client_Alt_FS DW ?</tt></b>
<br><b><tt>Client_res11 DW ?</tt></b>
<br><b><tt>Client_Alt_GS DW ?</tt></b>
<br><b><tt>Client_res12 DW ?</tt></b></blockquote>
<b><tt>Client_Reg_Struc ENDS</tt></b></blockquote>
<font face="Tahoma"><font color="#FFFFFF"><font size=-1>You can see that
there are two sets of members in this structure: Client_xxx and Client_Alt_xxx.
This requires a little explanation. In a given VM, there can be two threads
of execution: V86 and protected-mode. If an interrupt occurs when a V86
program is active, the Client_xxx will contain the images of the registers
of the V86 program, the Client_Alt_xxx will contain those of the PM program.
Alternately, if an interrupt occurs when the PM program is active, the
Client_xxx will contain the values of the PM program's registers while
the Client_Alt_xxx will contain the values of the V86 program's registers.
The Client_resX are reserved and not used.</font></font></font>
<br><font face="Tahoma"><font size=-1><font color="#FFFFFF">You may have
a question after examining the structure: what if I want to alter only
a byte in a register, say al? The above structure only describes
word- and dword-sized registers. Have no fear. Take a look inside vmm.inc.
There are two additional structures for just this purpose: </font><b><font color="#FFFF99">Client_Word_Reg_Struc
</font></b><font color="#FFFFFF">and
</font><b><font color="#FFFF99">Client_Byte_Reg_Struc</font></b><font color="#FFFFFF">.
If you want to access word- or byte-sized registers, typecast the </font><b><font color="#FFFF99">Client_Reg_Struc</font></b><font color="#FFFFFF">
into </font><b><font color="#FFFF99">Client_Word_Reg_Struc</font></b><font color="#FFFFFF">
or </font><b><font color="#FFFF99">Client_Byte_Reg_Struc </font></b><font color="#FFFFFF">according
to your need. You can also</font></font></font>
<br>&nbsp;
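<br><font face="Tahoma"><font size=-1>The two ideas above (editing the saved image to change where the client resumes, and typecasting to reach a byte register) shown in C as an added example; it is not code from the tutorial or from vmm.inc. The type names <tt>ClientRegs</tt> and <tt>ClientByteRegs</tt>, the byte-view members <tt>al</tt>/<tt>ah</tt> and both helper functions are this example's own, the byte view is derived from x86 little-endian ordering rather than copied from vmm.inc, and the Client_Alt_xxx half is left out for brevity.</font></font>

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Dword/word view: the Client_xxx half of the structure listed above,
   in the same order, so every field lands at the same offset. */
typedef struct {
    uint32_t Client_EDI, Client_ESI, Client_EBP, Client_res0;
    uint32_t Client_EBX, Client_EDX, Client_ECX, Client_EAX;
    uint32_t Client_Error, Client_EIP;
    uint16_t Client_CS, Client_res1;
    uint32_t Client_EFlags, Client_ESP;
    uint16_t Client_SS, Client_res2, Client_ES, Client_res3;
    uint16_t Client_DS, Client_res4, Client_FS, Client_res5;
    uint16_t Client_GS, Client_res6;
} ClientRegs;

/* Byte view of the same memory (hypothetical names): on little-endian
   x86 the low byte of EAX (AL) sits at EAX's own offset, AH one byte on. */
typedef struct {
    uint8_t pad[offsetof(ClientRegs, Client_EAX)];
    uint8_t al, ah;
} ClientByteRegs;

size_t client_eax_offset(void) { return offsetof(ClientRegs, Client_EAX); }

/* Typecast the register image to the byte view and change AL only;
   the upper 24 bits of the saved EAX are left untouched. */
uint32_t set_client_al(ClientRegs *regs, uint8_t value)
{
    ((ClientByteRegs *)regs)->al = value;
    return regs->Client_EAX;
}

/* Rewrite the saved CS:(E)IP; the client resumes there when redispatched. */
void set_resume_address(ClientRegs *regs, uint16_t cs, uint32_t eip)
{
    regs->Client_CS  = cs;
    regs->Client_EIP = eip;
}

int main(void)
{
    ClientRegs r;                      /* constructed sample image */
    memset(&r, 0, sizeof r);
    r.Client_EAX = 0x12345678u;
    printf("EAX after AL write: %08X\n", (unsigned)set_client_al(&r, 0xAB));
    return 0;
}
```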
<h4>
<b><font face="Tahoma"><font color="#66FF99">The next question: How can
we obtain the pointer to the client register structure?</font></font></b></h4>
<font face="Tahoma"><font size=-1><font color="#FFFFFF">It's actually easy:
most of the time, the VMM puts the address of the client register structure
in </font><b><font color="#FFFF99">ebp</font></b><font color="#FFFFFF">
when it calls our VxD. The client register structure in this case is the
current VM's. Alternatively, you can obtain this pointer from the VM handle.
Remember that a VM handle is actually the linear address of the </font><b><font color="#FFFF99">VM
control block</font></b><font color="#FFFFFF">.</font></font></font>
<blockquote><b><tt><font color="#FFFFFF">cb_s STRUC</font></tt></b>
